
ToDo: diffs FF51-FF52 #37

Closed
11 tasks done
earthlng opened this issue Mar 1, 2017 · 22 comments

Comments

@earthlng
Contributor

earthlng commented Mar 1, 2017

v51.0 vs v52.0

/***************************************************
 * diffs between FF prefs v51.0 and v52.0
 *
 * prefs: 2833
 *        2717 matching prefs
 *         116 diffs ( 55 new, 38 gone, 23 different )
 ***************************************************/

new in v52

  • pref("signon.autofillForms.http", false); 3e27f5b
  • pref("security.insecure_field_warning.contextual.enabled", true); 3e27f5b
  • pref("network.http.referer.XOriginTrimmingPolicy", 0); f87a860
  • pref("network.cookie.leave-secure-alone", true); 7be1dad
  • pref("font.system.whitelist", ""); 6a04e89
  • pref("security.pki.certificate_transparency.mode");

removed, renamed or hidden in v52

  • pref("dom.telephony.enabled", false); 0226102
  • pref("media.gmp-eme-adobe.enabled", true); 0226102
  • pref("media.gmp-eme-adobe.visible", true); 0226102
  • pref("network.http.sendSecureXSiteReferrer", true); 38bfb4c

changed in v52

  • pref("browser.search.geoip.timeout", 3000); // prev: 2000 0201
  • pref("javascript.options.wasm", true); // prev: false 6504744
  • pref("network.captive-portal-service.enabled", true); // prev: false 0603b
  • pref("network.predictor.enable-prefetch", true); // prev: false 0608
  • pref("security.pki.sha1_enforcement_level", 3); // prev: 4 1260
  • pref("dom.w3c_touch_events.enabled", 2); // prev: 0 2509
  • pref("media.ondevicechange.enabled", true); // prev: false 2511

ignore

==NEW

* pref("app.update.timerFirstInterval", 30000);
* pref("browser.migrate.chrome.history.limit", 0);
* pref("browser.migrate.chrome.history.maxAgeInDays", 0);
* pref("browser.tabs.crashReporting.requestEmail", false);
* pref("browser.tabs.delayHidingAudioPlayingIconMS", 3000);
* pref("devtools.debugger.client-source-maps-enabled", true);
* pref("devtools.layoutview.enabled", false);
* pref("devtools.webconsole.filter.debug", true);
* pref("devtools.webconsole.filter.net", false);
* pref("devtools.webconsole.ui.filterbar", false);
* pref("dom.audiochannel.audioCompeting.allAgents", false);
* pref("dom.forms.datetime.timepicker", false);
* pref("dom.gamepad.extensions.enabled", false);
* pref("dom.idle_period.throttled_length", 10000);
* pref("dom.manifest.onappinstalled", false);
* pref("dom.requestIdleCallback.enabled", false);
* pref("dom.select_events.textcontrols.enabled", false);
* pref("dom.w3c_pointer_events.implicit_capture", false);
* pref("dom.webnotifications.requireinteraction.count", 3);
* pref("dom.webnotifications.requireinteraction.enabled", false);
* pref("gfx.canvas.skiagl.dynamic-cache", true);
* pref("identity.fxaccounts.contextParam", "fx_desktop_v3");
* pref("idle_queue.long_period", 50);
* pref("idle_queue.min_period", 3);
* pref("layers.draw-mask-debug", false);
* pref("layout.accessiblecaret.hide_carets_for_mouse_input", true);
* pref("layout.idle_period.required_quiescent_frames", 2);
* pref("layout.idle_period.time_limit", 1);
* pref("logging.config.clear_on_startup", true); [zilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1239686)
  * IF logging this clears the log on restart go see the DXR code
* pref("media.dormant-on-pause-timeout-ms", -1);
* pref("media.navigator.load_adapt.encoder_only", true);
* pref("media.peerconnection.dtmf.enabled", true); [zilla](https://bugzilla.mozilla.org/show_bug.cgi?id=1313406)
* pref("media.wmf.vp9.enabled", false);
* pref("narrate.filter-voices", true);
* pref("network.auth.private-browsing-sso", false);
* pref("network.http.max_response_header_size", 393216);
* pref("network.http.spdy.default-hpack-buffer", 65536);
* pref("plugins.favorfallback.mode", "never");
* pref("plugins.favorfallback.rules", "");
* pref("prompts.authentication_dialog_abuse_limit", 3); [CVE](https://www.mozilla.org/en-US/security/advisories/mfsa2017-05/#CVE-2017-5419) - will enforce if it changes
* pref("security.csp.enableStrictDynamic", true);
* pref("security.enterprise_roots.enabled", false);
* pref("security.mixed_content.hsts_priming_cache_timeout", 10080);
* pref("security.sandbox.windows.log.stackTraceDepth", 0);
* pref("services.sync.log.logger.engine.extension-storage", "Debug");
* pref("services.sync.validation.interval", 86400);
* pref("services.sync.validation.maxRecords", 100);
* pref("services.sync.validation.percentageChance", 10);
* pref("webextensions.storage.sync.enabled", false);
* pref("webextensions.storage.sync.serverURL", "https://webextensions.settings.services.mozilla.com/v1");

==REMOVED or HIDDEN

* pref("app.update.cert.requireBuiltIn", false);
* pref("bidi.support", 1);
* pref("browser.search.redirectWindowsSearch", true);
* pref("devtools.command-button-pick.enabled", true);
* pref("devtools.debugger.promise", false);
* pref("dom.apps.reset-permissions", false);
* pref("dom.cellbroadcast.enabled", false);
* pref("dom.icc.enabled", false);
* pref("dom.image.picture.enabled", true);
* pref("dom.image.srcset.enabled", true);
* pref("dom.manifest.oninstall", false);
* pref("dom.MediaError.message.enabled", false);
* pref("dom.mobileconnection.enabled", false);
* pref("dom.mozApps.debug", false);
* pref("dom.mozApps.maxLocalId", 1000);
* pref("dom.mozApps.signed_apps_installable_from", "https://marketplace.firefox.com");
* pref("dom.sms.defaultServiceId", 0);
* pref("dom.sms.enabled", false);
* pref("dom.sms.maxReadAheadEntries", 0);
* pref("dom.sms.requestStatusReport", true);
* pref("dom.sms.strict7BitEncoding", false);
* pref("dom.telephony.defaultServiceId", 0);
* pref("dom.undo_manager.enabled", false);
* pref("dom.voicemail.defaultServiceId", 0);
* pref("dom.voicemail.enabled", false);
* pref("layout.css.masking.enabled", true);
* pref("media.decoder.heuristic.dormant.enabled", true);
* pref("media.decoder.heuristic.dormant.timeout", 10000);
* pref("media.format-reader.ogg", true);
* pref("media.wave.decoder.enabled", true);
* pref("media.webm.intel_decoder.enabled", false);
* pref("network.http.enable-packaged-apps", false);
* pref("network.http.signed-packages.enabled", false);
* pref("security.apps.privileged.CSP.default", "default-src * data: blob:; script-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline'");

==CHANGED

* pref("browser.shell.skipDefaultBrowserCheckOnFirstRun", false); // prev: true
* pref("devtools.apps.forbidden-permissions", "embed-apps"); // prev: "embed-apps,embed-widgets"
* pref("devtools.responsive.html.enabled", true); // prev: false
* pref("dom.select_events.enabled", true); // prev: false
  * https://developer.mozilla.org/en-US/docs/Web/API/Document/onselectionchange
* pref("gfx.content.azure.backends", "direct2d1.1,skia,cairo"); // prev: "direct2d1.1,cairo"
* pref("layout.css.grid.enabled", true); // prev: false
* pref("layout.css.touch_action.enabled", true); // prev: false
* pref("layout.accessiblecaret.enabled_on_touch", true); // prev: false
* pref("layout.accessiblecaret.use_long_tap_injector", false); // prev: true
* pref("media.decoder-doctor.notifications-allowed", `big long string`);
* pref("media.wmf.disable-d3d11-for-dlls", `massive long string not repeating here`);
* pref("memory.low_commit_space_threshold_mb", 128); // prev: 256
* pref("memory.low_virtual_memory_threshold_mb", 128); // prev: 256
* pref("narrate.voice", " { \"default\": \"automatic\" }"); // prev: "automatic"
* pref("services.sync.registerEngines", `big long string`);
* pref("services.sync.sendTabToDevice.enabled", true); // prev: false
@Thorin-Oakenpants Thorin-Oakenpants changed the title FF52beta diffs ToDo: diffs FF51-FF52beta Mar 2, 2017
@earthlng
Contributor Author

earthlng commented Mar 2, 2017

re: gmp-eme-adobe => we should keep 1850 for now, because it's only fully removed in FF53.

Make Adobe Primetime CDM non-visible in Firefox - RESOLVED FIXED in Firefox 52

We will no longer be shipping Adobe Primetime support in Firefox.
So we should flip the pref to make it not appear by default in the add-on manager plug-in list, and thus render it invisible and disabled by default.
The Adobe Primetime CDM was already not being downloaded by default

Stop serving Adobe CDM to Firefox 52 and higher

Note: the change to make the Adobe Primetime CDM non-visible in the add-ons manager UI was done in bug 1329538 and is already in Firefox 52. The code to support the Adobe Primetime CDM was removed from gecko in bug 1329543 in Firefox 53.

Remove Adobe Primetime supporting code - RESOLVED FIXED in Firefox 53
-> see comment 1 for possible reason why it's only fully removed in FF53 instead of FF52

--> only removed in FF53: https://hg.mozilla.org/integration/autoland/rev/1d8062b87249
and here: https://hg.mozilla.org/integration/autoland/rev/d47e700dbc36

@earthlng
Contributor Author

earthlng commented Mar 2, 2017

pref("network.cookie.leave-secure-alone", true);

https://developer.mozilla.org/en-US/Firefox/Releases/52#HTTP
Insecure sites (http:) can't set cookies with the "secure" directive anymore as per the Strict Secure Cookies specification (bug 976073).

=> maybe worth adding and enforcing this
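As an added illustration (not code from this issue or from Firefox), here is a small Python model of what the Strict Secure Cookies draft behind this pref enforces. It goes one step beyond the MDN sentence quoted above: besides rejecting a `Secure` cookie set over http, the draft also stops an http origin from overlaying an existing `Secure` cookie of the same name (the "leave secure cookies alone" rule the pref is named after). Hostnames and headers are constructed.

```python
from dataclasses import dataclass

@dataclass
class Cookie:
    name: str
    value: str
    domain: str
    path: str
    secure: bool

def parse_set_cookie(header, request_host, request_path="/"):
    """Minimal Set-Cookie parser: name=value plus the Secure, Domain and Path attributes."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    domain, path, secure = request_host.lower(), request_path, False
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "secure":
            secure = True
        elif key == "domain" and val:
            domain = val.lstrip(".").lower()
        elif key == "path" and val.startswith("/"):
            path = val
    return Cookie(name.strip(), value.strip(), domain, path, secure)

def domain_match(host, domain):
    """RFC 6265 5.1.3: host equals domain or is a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def path_match(request_path, cookie_path):
    """RFC 6265 5.1.4 path-match."""
    if request_path == cookie_path:
        return True
    if not request_path.startswith(cookie_path):
        return False
    return cookie_path.endswith("/") or request_path[len(cookie_path)] == "/"

def accept_cookie(scheme, cookie, jar):
    """Strict Secure Cookies checks on a newly parsed cookie. Returns (accepted, reason)."""
    secure_origin = scheme == "https"
    # Rule 1: a non-secure origin may not set a cookie carrying the Secure attribute.
    if cookie.secure and not secure_origin:
        return False, "Secure attribute from insecure origin"
    # Rule 2 ("leave secure cookies alone"): a non-secure origin may not overlay an
    # existing Secure cookie of the same name on a matching domain and path.
    if not secure_origin:
        for existing in jar:
            if (existing.secure and existing.name == cookie.name
                    and (domain_match(cookie.domain, existing.domain)
                         or domain_match(existing.domain, cookie.domain))
                    and path_match(cookie.path, existing.path)):
                return False, "would shadow an existing Secure cookie"
    return True, "accepted"

def demo():
    jar = []
    # Constructed scenario: an https origin sets a Secure session cookie first.
    https_cookie = parse_set_cookie("session=abc; Secure; Path=/", "example.com")
    results = [accept_cookie("https", https_cookie, jar)[0]]
    jar.append(https_cookie)
    # An http page on the same host then tries three writes; only the unrelated one passes.
    for hdr in ("session=evil; Secure", "session=evil; Path=/", "tracker=1; Path=/"):
        ok, _ = accept_cookie("http", parse_set_cookie(hdr, "example.com"), jar)
        results.append(ok)
    return results  # [True, False, False, True]
```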

@earthlng
Contributor Author

earthlng commented Mar 2, 2017

pref("signon.autofillForms.http", false);
pref("security.insecure_field_warning.contextual.enabled", true);

https://www.fxsitecompat.com/en-CA/docs/2017/insecure-login-forms-now-disable-autofill-show-warning-beneath-input-control/

Flip prefs to disable login autofill on HTTP and enable the warning on insecure login fields
VERIFIED FIXED in Firefox 52 => https://bugzilla.mozilla.org/show_bug.cgi?id=1217152

Flip a pref to disable autofilling saved password on HTTP pages. Flip a pref to enable showing insecure password warnings in the password field autocomplete drop down.
https://hg.mozilla.org/mozilla-central/rev/f0d146fe7317

@earthlng
Contributor Author

earthlng commented Mar 2, 2017

> makes you wonder why media.gmp-eme-adobe.autoupdate isn't removed

because it's set by the code itself and isn't in any of the pref.js-files.

https://dxr.mozilla.org/mozilla-release/source/toolkit/modules/GMPUtils.jsm#127
https://dxr.mozilla.org/mozilla-release/source/toolkit/mozapps/extensions/internal/GMPProvider.jsm#252

edit: mozilla-central already doesn't include gmp-eme-adobe in GMP_PLUGIN_IDS anymore:
mozilla-central
mozilla-release

@earthlng
Contributor Author

earthlng commented Mar 2, 2017

If we don't want browser.shell.skipDefaultBrowserCheckOnFirstRun should we also remove/comment-out browser.shell.checkDefaultBrowser ?
portableAppsFF already sets browser.shell.checkDefaultBrowser;false anyway, and non-portable users maybe would appreciate the prompt to make FF the default browser, IMO.

@earthlng
Contributor Author

earthlng commented Mar 4, 2017

re: security.pki.certificate_transparency.mode

https://wiki.mozilla.org/PKI:CT
https://www.certificate-transparency.org/

Atm there are only 2 possible values:

// Configures Certificate Transparency support mode:
// 0: Fully disabled, 1: Only collect telemetry. CT qualification checks are not performed. (default)

quote from here:

We do turn on a flag on the TLS handshake which asks servers to send SCTs via TLS if available, but besides that there are no visible changes.
The user can change it to the "disabled" mode which turns off all the CT related functionality (which is the TLS flag and the processing of incoming SCTs to generate telemetry).

When set to 1 it also shows additional information in the Security Dialog "Technical Details":
https://bug1305289.bmoattachments.org/attachment.cgi?id=8795781

It shows one of the following messages:

* None=This website does not supply Certificate Transparency audit records.
* OK=This website supplies publicly auditable Certificate Transparency records.
* UnknownLog=This website claims to have Certificate Transparency audit records, but the records were issued by an unknown party and cannot be verified.
* Invalid=This website supplies Certificate Transparency audit records, but the records failed verification.

based on this:

* The SCT is from a known log, and the signature is valid.  => OK
* The SCT is from an unknown log and can not be verified. => UnknownLog
* The SCT is from a known log, but the signature is invalid. => InvalidSignature
* The SCT signature is valid, but the timestamp is in the future.
  Such SCTs are considered invalid (see RFC 6962, Section 5.2). => InvalidSignature

afaik on the client-side the only thing that is eventually gonna change is that UnknownLog and Invalid might get rejected, or at least display a warning.
If and when Chrome makes the first step, None might also get rejected.

the Chrome team announced plans that publicly trusted website certificates issued in October 2017 or later will be expected to comply with Chrome’s Certificate Transparency policy in order to be trusted by Chrome.

the pros and cons as I see it:

  • pref("security.pki.certificate_transparency.mode", 0);
    • pros
      • don't ask for SCTs => less data-transmission, hence slightly faster
      • no parsing of the SCTs => less code to run thru; avoid potential flaws in that code
    • cons
      • no info under "Technical Details" => who really looks at that anyway?
      • no flag in the TLS handshake => probably FP-able but who cares with all the 12xx prefs
      • we need to keep track of when mozilla changes the meaning of value 1 or adds more values

obviously for 1 the pros and cons are the exact opposite.

@Atavic

Atavic commented Mar 4, 2017

This can be done in three different ways:

  • Certificate Embedding
  • TLS Extension (flag in the TLS handshake)
  • OCSP Stapling

@earthlng
Contributor Author

earthlng commented Mar 6, 2017

We can ignore dom.webnotifications.requireinteraction.count and dom.webnotifications.requireinteraction.enabled because 2304 should cover it and even if not, it's still disabled at the moment. We can look into it when they set the latter to true.
IMO we can also ignore identity.fxaccounts.contextParam because that's part of SYNC and we have 0380

@earthlng
Contributor Author

earthlng commented Mar 7, 2017

Well, I'll definitely disable WASM in my own user.js. As for this user.js we also disable asm.js already and I think it's similar to that. I read the security page and they do a lot of things right but it remains to be seen if it is as safe and hard-to-exploit as they make it out to be.
I don't use browser games or things like that so I don't think I'll ever need/want WebAssembly.

dom.select_events.enabled has been disabled so far and in my user.js I plan to keep it that way and see if it breaks something. For this user.js we can ignore it I'd say.

media.wmf.vp9.enabled - agreed
gfx.canvas.skiagl.dynamic-cache - sounds tricky so yeah better not mess with it

> 2502 isn't battery API removed?

no, it's not accessible for web-content anymore but they left the pref intact for use in addons, afaik.

media.peerconnection.dtmf.enabled - Enable DTMF by default
https://en.wikipedia.org/wiki/Dual-tone_multi-frequency_signaling
It's probably irrelevant with the other WebRTC/peerconnection stuff already disabled.
But I can't be bothered to look at the code for this shit so I'll just disable it in my own user.js.

security.enterprise_roots.enabled - useful in enterprise environments only, and most likely will remain default false forever. We can include it and enforce it to false but IMO lets ignore it for the sake of not ending up with 1000+ prefs all too soon ;)

font.system.whitelist - we found ourselves a new hidden pref - hooray!! :)

@earthlng
Contributor Author

earthlng commented Mar 7, 2017

> battery API - why deprecate it when it still exists?
I gave up trying to convince you of something so I'll leave it at that ;)

wasm - same as above, I'll resort to telling you what I'm doing for my user.js and you decide what you want to do for this user.js.

@earthlng
Contributor Author

earthlng commented Mar 7, 2017

Did a diff with stable FF52 and 2 things changed since the Beta diff:

pref("dom.audiochannel.audioCompeting.allAgents", false); // new pref
pref("media.wmf.vp9.enabled", false); // false instead of true in stable vs beta

@earthlng
Contributor Author

earthlng commented Mar 7, 2017

prompts.authentication_dialog_abuse_limit is the fix/workaround for CVE-2017-5419

@crssi

crssi commented Mar 7, 2017

SKIA looks cool from an eye-candy point of view.
Now the
user_pref("gfx.direct2d.disabled", true);
user_pref("layers.acceleration.disabled", true);
does not jerk the fonts. :)

@Thorin-Oakenpants Thorin-Oakenpants changed the title ToDo: diffs FF51-FF52beta ToDo: diffs FF51-FF52 Mar 8, 2017
@earthlng
Contributor Author

earthlng commented Mar 8, 2017

> the 52 upgrade altered my inner window height by 2 pixels less

damn son, how the hell did you notice that so fast??!! It also changed my height by 1 pixel. Thanks for pointing it out!

wasm is only supported in Firefox at the moment, so we should be good with disabling it for now.
It sounds to me like it's primarily designed for mobile. see here

> We’re particularly excited about the potential on mobile — do all those apps really need to be native?

narrate.enabled - is only accessible in the Reader View (which we have disabled) and also relies on media.webspeech.synth.enabled (also disabled)
It's only used once in DXR and is not even looked at if win.speechSynthesis == false

@Atavic

Atavic commented Mar 8, 2017

1409: I don't see real collisions. I'm looking at a reduced list from the most common OS
(Windows 7) but without the fonts from Office or Adobe Creative Suite installs.
https://bugzilla.mozilla.org/show_bug.cgi?id=1121643#c5

Fanboy's Anti-thirdparty Fonts reference:
uBlockOrigin/uAssets#298 (comment)

@earthlng
Contributor Author

earthlng commented Mar 8, 2017

@Atavic, what he means is if due to 1401 only the 3 fonts in 1404 are allowed/used, then what would happen if someone would add e.g. only one font into the whitelist, but one that is not in 1404.

@Atavic

Atavic commented Mar 8, 2017

1409: The whitelist is announced to the webserver, while the other entries are locally managed in the browser.

@earthlng
Contributor Author

earthlng commented Mar 8, 2017

Well, I don't know if that's correct. For one it's never announced to webservers - they can test if one or another exists but it's never announced as "this is the list of fonts you can use", at least afaik.
Flash is different, but that can be dealt with too.
I remember reading in one of the bugzillas way back when, that a collision could indeed happen. Idk if they addressed/fixed that but I assume they did.

@earthlng
Contributor Author

earthlng commented Mar 8, 2017

Hey Pantsy, thanks for pointing out the pref("logging.config.clear_on_startup", true) - it's actually quite interesting - not the pref itself (we can safely ignore that), but the feature behind it.

@earthlng
Contributor Author

earthlng commented Mar 8, 2017

This collaboration on the diffs worked out really nicely. Much easier than both of us doing it on our own.
And we now have a permanent log of what exactly we did with each pref. very nice (read in Borat voice)

@earthlng
Contributor Author

earthlng commented Mar 9, 2017

security.pki.certificate_transparency.mode - yes, whatever, but we should definitely add it.
I was leaning more towards adding it with 0 because it offers no protection atm, but 1 is okay.

> Yes, we will pick up on diffs between releases

it depends. if they change the meaning of 1 or add more values but don't change the current default - we won't notice it in the diffs.

I'll do diffs for minor versions too - it only takes a minute or so anyway. Since I'm now doing the diffs by parsing the prefs.js files, I don't have to install it anymore and could even do diffs for each new Beta.
-> download the setup, point my script at the setup to extract the files, define which versions to compare, wait a bit and voila - diff created.
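As an added example (not earthlng's script, which is not posted in the thread), a minimal Python version of the prefs.js-parsing approach described above: it reads two pref dumps, splits them into the new / gone / different buckets, and reproduces the counts in the header at the top of this issue. The V51/V52 excerpts are constructed from pref names that appear in the diff.

```python
import re

# One pref() call per line, as written in a Firefox prefs dump, e.g.
#   pref("network.cookie.leave-secure-alone", true);
# user_pref()/sticky_pref() forms and a trailing // comment are tolerated.
PREF_RE = re.compile(r'^\s*(?:user_|sticky_)?pref\("([^"]+)",\s*(.*?)\);\s*(?://.*)?$')

def parse_prefs(text):
    """Map pref name -> value literal (kept as source text, so true / 3000 / "x" stay distinct)."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs

def diff_prefs(old, new):
    """Split two pref maps into the three buckets the issue header reports."""
    added = {k: new[k] for k in new.keys() - old.keys()}
    gone = {k: old[k] for k in old.keys() - new.keys()}
    changed = {k: (old[k], new[k]) for k in old.keys() & new.keys() if old[k] != new[k]}
    return added, gone, changed

def summarize(old, new):
    """Counts in the header's shape: prefs = matching + new + gone + different."""
    added, gone, changed = diff_prefs(old, new)
    matching = len(old.keys() & new.keys()) - len(changed)
    return {"prefs": matching + len(added) + len(gone) + len(changed),
            "matching": matching, "new": len(added),
            "gone": len(gone), "different": len(changed)}

def report(old, new):
    """Render the new / removed / changed sections in the thread's own style."""
    added, gone, changed = diff_prefs(old, new)
    lines = []
    for title, bucket in (("new", added), ("removed, renamed or hidden", gone)):
        lines.append(f"== {title}")
        lines += [f'* pref("{k}", {bucket[k]});' for k in sorted(bucket)]
    lines.append("== changed")
    lines += [f'* pref("{k}", {changed[k][1]}); // prev: {changed[k][0]}' for k in sorted(changed)]
    return "\n".join(lines)

# Constructed excerpts standing in for the full v51 and v52 dumps.
V51 = '''
pref("media.gmp-eme-adobe.enabled", true);
pref("javascript.options.wasm", false);
pref("network.http.sendSecureXSiteReferrer", true);
pref("security.pki.sha1_enforcement_level", 4);
pref("browser.startup.homepage", "about:home");
'''
V52 = '''
pref("signon.autofillForms.http", false);
pref("javascript.options.wasm", true);
pref("network.cookie.leave-secure-alone", true);
pref("security.pki.sha1_enforcement_level", 3);
pref("browser.startup.homepage", "about:home"); // unchanged
'''

if __name__ == "__main__":
    print(summarize(parse_prefs(V51), parse_prefs(V52)))
    print(report(parse_prefs(V51), parse_prefs(V52)))
```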

@earthlng
Contributor Author

earthlng commented Mar 9, 2017

> I don't buy the reasons you say for changing it to zero

wow, that's a pretty loaded statement. What exactly do you think I was trying to sell?

> I was leaning more towards adding it with 0 because it offers no protection atm

If you're referring to this, that's not trying to sell anything; it's just stating an undisputed fact.

My reason: If I can disable some code-parts that don't offer anything protection-wise and only show a message that I never look at anyway, and by doing so completely prevent any potential flaws in those code-parts - it's a win-win and I will do that without hesitation any day of the week, at least until that feature starts doing something meaningful.
Admittedly there's probably close to zero risk for flaws in those code-parts, but why risk it if it doesn't offer me anything anyway, and it's as simple as changing a single pref to make 100% sure.

We disable a lot of things for which there's no immediate threat or vulnerability, like e.g. disabling some more exotic and rare media formats like raw and wave. That's why I was playing with the idea of also disabling security.pki.certificate_transparency.mode, at least for now.

> Paste the proposed code IN HERE.

Proposal: ignore both remaining prefs and add security.pki.certificate_transparency.mode to the list of prefs "to keep an eye on"
